Switch System Flaws: Difference between revisions
Edit summary: imagine knowing what month it is

Line 911:
| November 9, 2022
| [[User:Hexkyz|hexkyz]]
|-
| [[Bluetooth_Driver_services|bluetooth]] WriteGattCharacteristic/WriteGattDescriptor stack buffer overflow regression
| Originally btdrv WriteGattCharacteristic/WriteGattDescriptor (the bt service commands LeClientWriteCharacteristic/LeClientWriteDescriptor are the same) validated the input buffer size. However, the size check was removed in [12.0.0+] (which was also when bluetooth was refactored), hence the stack buffer overflow. Anything with btdrv/bt service access can trigger it. While this is intended to require a BLE connection, it seems to be possible to trigger the buffer overflow without any BLE connection by passing ConnectionHandle=0xFFFFFFFF (handle not tested on hardware).
| Bluetooth-sysmodule stack buffer overflow on [12.0.0-15.0.1], with data from BLE IPC cmds.
| [[16.0.0]]
| [[16.0.0]]
| December 10, 2021
| February 23, 2023
| [[User:Yellows8|yellows8]]
|}
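The entry above describes a regression: an IPC handler that used to bound the caller-supplied size before copying into a fixed stack buffer lost that check, and the connection-handle gate was not enough on its own. The following is an added illustration of that pattern and its fix, written for this page; it is not code from the wiki or from the bluetooth sysmodule. The function names, the 512-byte attribute bound, the return codes and the sample buffers are all hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical bound on a GATT characteristic/descriptor value. */
#define GATT_MAX_ATTR_LEN 512u
/* Sentinel the page mentions as a way to reach the handler without a connection. */
#define CONN_HANDLE_INVALID 0xFFFFFFFFu

enum { RC_OK = 0, RC_BAD_HANDLE = 1, RC_BAD_SIZE = 2 };

/* Observable side effect so the example can be checked: length of the last accepted write. */
static size_t g_last_written_len;

/* Constructed sample inputs (not real BLE traffic). kOversized is zero-filled and
 * deliberately larger than the destination buffer. */
static const uint8_t kSample[4] = { 0x01, 0x02, 0x03, 0x04 };
static uint8_t kOversized[GATT_MAX_ATTR_LEN + 64];

/* "Before" shape of the handler, as the page describes the [12.0.0+] regression:
 * the IPC-supplied size flows straight into a memcpy onto the stack. It is only
 * ever called here with in-bounds data; the point is what is missing. */
static int write_gatt_value_regressed(uint32_t conn_handle, const uint8_t *data, size_t len)
{
    uint8_t value[GATT_MAX_ATTR_LEN];
    (void)conn_handle;              /* handle is not validated either */
    memcpy(value, data, len);       /* BUG: len never compared against sizeof(value) */
    g_last_written_len = len;
    return RC_OK;
}

/* Hardened shape: reject the invalid handle before any work, then re-introduce
 * the size check the refactor dropped, bounding len by the destination buffer. */
static int write_gatt_value_hardened(uint32_t conn_handle, const uint8_t *data, size_t len)
{
    uint8_t value[GATT_MAX_ATTR_LEN];

    if (conn_handle == CONN_HANDLE_INVALID)
        return RC_BAD_HANDLE;       /* no connection, no copy */

    if (data == NULL || len > sizeof(value))
        return RC_BAD_SIZE;         /* the removed check, restored */

    memcpy(value, data, len);
    g_last_written_len = len;
    return RC_OK;
}

/* Returns the length the hardened handler last accepted, for inspection. */
static size_t last_written_len(void)
{
    return g_last_written_len;
}

int main(void)
{
    printf("valid write:      rc=%d\n", write_gatt_value_hardened(0x10, kSample, sizeof kSample));
    printf("invalid handle:   rc=%d\n", write_gatt_value_hardened(CONN_HANDLE_INVALID, kSample, sizeof kSample));
    printf("oversized buffer: rc=%d\n", write_gatt_value_hardened(0x10, kOversized, sizeof kOversized));
    return 0;
}
```

The order of the two checks matters for the situation the entry describes: validating the handle first means a caller without a BLE connection never reaches the copy, and validating the size against `sizeof(value)` (rather than against a constant that can drift from the buffer during a refactor) keeps the bound tied to the actual destination.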